Re: [Phplib-users] phplib and IE 6 authentication not working
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] phplib and IE 6 authentication not working
|
From: Nathaniel P. <np...@te...> - 2004-06-21 16:48:53
|
On 6/21/2004 9:25 AM, pau...@mo... wrote : >Marko > >Many thanks for the reply. > >I have done some more digging and found that IE6 implements the P3P privacy policy: > >http://www.oreillynet.com/pub/wlg/1539 > >"MSIE 6 has an inaccurate definition of third party cookies. If your domain is hosted on one server and your PHP stuff is on another, the IE6 P3P implementation considers any cookies sent from the second machine "third party". Third party cookies will be blocked automatically in most privacy settings if not accompanied by what MS considers "an appropriate Compact Policy". > >This appears to break the cookies and so breaks the sessions. The page suggests adding a header immediately before the cookie, ie: > >header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"'); > >Does any one have any thoughts on where best to put this? Presumably in session4.inc? Or would it be better in the page itself? > > I was going to email and suggest you look into P3P, but it looks like you've already figured that out. :) Anyway, if you want sessions to work, you'll need to make sure that this header is sent before the cookie used for sessions is sent. session4.inc is probably the best place for this, but be aware that this issue affects all cookies sent to IE6, so if there are sections of your site that doesn't use PHPlib, make sure to use the header there. If you want to put the header into session4.inc, the best place for it would be in the function put_headers(), before the switch statement, or (if that doesn't work, for some reason), in the function start() before the call to set_tokenname(). This will guarantee that the header is sent whenever PHPlib sessions are used. Another possibility, if you want this to be applied sitewide, would be to create a simple PHP file with the header() function in it, and then use the auto_prepend_file configuration in php.ini or in the Apache configuration to always execute this code anytime a PHP file is proccessed. -- ___________________________ Nathaniel Price http://www.tesserportal.net Webmaster |
